diff --git a/acertmgr/__init__.py b/acertmgr/__init__.py
index 6f5f3b9..b5188f6 100755
--- a/acertmgr/__init__.py
+++ b/acertmgr/__init__.py
@@ -70,7 +70,14 @@ def cert_get(settings):
 key = tools.new_ssl_key(key_file, key_length)
 # create ssl csr
- cr = tools.new_cert_request(settings['domainlist'], key)
+ csr_file = settings['csr_file']
+ if os.path.isfile(csr_file) and str(settings['csr_static']).lower() == 'true':
+ print('Loading CSR from {}'.format(csr_file))
+ cr = tools.read_pem_file(csr_file, csr=True)
+ else:
+ print('Generating CSR for {}'.format(settings['domainlist']))
+ cr = tools.new_cert_request(settings['domainlist'], key)
+ tools.write_pem_file(cr, csr_file)
 # request cert with csr
 crt, ca = acme.get_crt_from_csr(cr, settings['domainlist'], challenge_handlers)
diff --git a/acertmgr/configuration.py b/acertmgr/configuration.py
index c72bdfd..7b353a7 100644
--- a/acertmgr/configuration.py
+++ b/acertmgr/configuration.py
@@ -113,6 +113,13 @@ def parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement):
 update_config_value(config, 'ttl_days', entry, globalconfig, DEFAULT_TTL)
 config['ttl_days'] = int(config['ttl_days'])
+ # Use a static cert request
+ update_config_value(config, 'csr_static', entry, globalconfig, "false")
+
+ # SSL cert request location
+ update_config_value(config, 'csr_file', entry, globalconfig, os.path.join(config['cert_dir'], "{}.csr".format(config['id'])))
+
 # SSL cert location (with compatibility to older versions)
 if 'server_cert' in globalconfig:
 print("WARNING: Legacy configuration directive 'server_cert' used. Support will be removed in 1.0")
diff --git a/acertmgr/tools.py b/acertmgr/tools.py
index dac33e4..8566350 100644
--- a/acertmgr/tools.py
+++ b/acertmgr/tools.py
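Review bot: A CSR loaded from `csr_file` is used as-is, but nothing checks that it was signed for the key that `tools.new_ssl_key(key_file, key_length)` just returned, so if the key is ever regenerated while the static CSR stays on disk the CA would issue a certificate for a public key the server no longer holds. The CSR's names are also not compared with `settings['domainlist']`, which is handed to `acme.get_crt_from_csr` separately, so a stale CSR only fails at the CA, if at all. I would compare the two public keys after loading and fall back to generation on mismatch, as sketched below (`public_numbers()` exists on the RSA and EC key types; if other key types are possible, compare the SubjectPublicKeyInfo bytes instead). The new code also relies on `os` being imported in `__init__.py`, which is not visible in this hunk. `cert_get` continues outside the hunk.
```python
    csr_file = settings['csr_file']
    cr = None
    if os.path.isfile(csr_file) and str(settings['csr_static']).lower() == 'true':
        print('Loading CSR from {}'.format(csr_file))
        cr = tools.read_pem_file(csr_file, csr=True)
        # a static CSR is only usable if it was made for the key we hold
        if cr.public_key().public_numbers() != key.public_key().public_numbers():
            print('Static CSR {} does not match key {}, regenerating'.format(csr_file, key_file))
            cr = None
    if cr is None:
        print('Generating CSR for {}'.format(settings['domainlist']))
        cr = tools.new_cert_request(settings['domainlist'], key)
        tools.write_pem_file(cr, csr_file)
    # … unchanged: request cert with csr …
```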
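Review bot: `csr_static` is stored as the raw config string with default `"false"`, and the consumer in `__init__.py` recognises only the exact spelling `true` (case-insensitively), so values such as `yes`, `on` or `1` silently behave as false. Normalising once at parse time, e.g. `config['csr_static'] = str(config['csr_static']).strip().lower() in ('true', 'yes', 'on', '1')`, keeps the existing `str(...).lower() == 'true'` check working and gives one place that defines the accepted spellings; if the file already has a convention for boolean options, follow that instead. A short comment naming the accepted values next to the new `update_config_value` call would help either way. `parse_config_entry` continues outside the hunk.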
@@ -102,11 +102,14 @@ def new_ssl_key(path=None, key_size=4096):
 # @brief read a key from file
 # @param path path to file
 # @param key indicate whether we are loading a key
+# @param csr indicate whether we are loading a csr
 # @return the key in pyopenssl format
-def read_pem_file(path, key=False):
+def read_pem_file(path, key=False, csr=False):
 with io.open(path, 'r') as f:
 if key:
 return serialization.load_pem_private_key(f.read().encode('utf-8'), None, default_backend())
+ elif csr:
+ return x509.load_pem_x509_csr(f.read().encode('utf8'), default_backend())
 else:
 return convert_pem_str_to_cert(f.read())
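Review bot: The `# @return the key in pyopenssl format` line kept above the new `csr` parameter no longer describes the function: the new branch returns a cryptography `CertificateSigningRequest` and the `key` branch a cryptography private key, so I would change it to `# @return the key, CSR or certificate as a cryptography object` and add `# @note key and csr are mutually exclusive; key takes precedence`, since `if key:` is tested first and a call with both flags set silently ignores `csr`. The new line spells `.encode('utf8')` while the line above uses `.encode('utf-8')`; they are equivalent, but the spelling should match. Loading a CSR from disk parses it without checking its self-signature; on recent cryptography versions `is_signature_valid` on the returned object lets a caller reject a corrupted file before it is submitted to the CA. The new branch also relies on `x509` being imported in tools.py, which is not visible in this hunk.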